Value gets truncated while running a splunk search query

161 Views Asked by daringfireball At 31 July 2023 at 16:31

I am running a query like. index=1101 source=/UAT/Logs/APP_NAME*.log "Mobile Analytic Logs Mule services" | stats count by OperationName

I am expecting the query to return a table with list of operation name between the given time frame.

But, I could see a strange behavior. The values of the column are getting truncated like below


"deletes
"deleteSubs
"deleteSubsc
"deleteSubscr
"deleteSubscri
"deleteSubscripti
"deleteSubscription
"deleteSubscriptionAl
"deleteSubscriptionAle
"deleteSubscriptionAlert
"g
"ge
"get
"getA
"getAle
"getAler
"getAlert
"getau
"getAuth
"getAuthst
"getCont
"getContactP
"getContactPo
"getContactPoi

How to fix this?

Original Q&A

There are 1 best solutions below

Vad1m On 01 August 2023 at 07:14

Try to add such field extraction for source "/UAT/Logs/APP_NAME*.log" or sourcetype (Settings > Fields > Field extractions):

OperationName=\"(?<OperationName>.*?)\"

Value gets truncated while running a splunk search query

There are 1 best solutions below

Related Questions in SPLUNK

Related Questions in SPLUNK-QUERY

Related Questions in SPLUNK-DASHBOARD

Trending Questions

Popular # Hahtags

Popular Questions